XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Sophos Connect with OTP – eliminate 4 hours reauthentication

    Today when using Sophos Connect with OTP, the firewall asks for a new OTP token every 4 hours. According to Sophos support, this value is hardcoded. If employees are working the whole day remotely, an interruption every 4 hours is a pain.
    Please make these 4 hours configurable. Or at least extend it to 10 hours, so a full working day can be achieved without any interruption.

    23 votes
    4 comments  ·  VPN and RED
  2. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    13 votes
    1 comment  ·  VPN and RED
  3. Sophos connect client allowed users

    The Sophos Connect client permit list should be able to add users by Active Directory security group. We are a firm spread across 9 offices and the STAS works great on 17.5 MR9 to load the users to all firewalls, but the process of adding all users into the Connect client is really laborious, especially when there is high turnover.

    49 votes
    2 comments  ·  VPN and RED
  4. Multiple WAN interface option in IPsec client VPN settings

    Need the option to add multiple WAN interfaces in Sophos Connect client settings.
    If there are 2 WAN connections and 1 connection is down, then the remote client doesn't have any option to connect to the VPN through the 2nd available ISP. If this option is available, then the user will have 2 profiles in their Sophos Connect client.

    35 votes
    9 comments  ·  VPN and RED
  5. Option to load balance with IPsec VPN

    Option required to load balance with IPsec VPN

    8 votes
    0 comments  ·  VPN and RED
  6. Sophos Connect client connect pre login Windows for domain connection

    Please make it possible to connect the Sophos Connect client VPN before a Windows user is logged in, like the NCP client Pre-Logon feature, to get all AD domain features like GPO and network shares.

    19 votes
    1 comment  ·  VPN and RED
  7. Downloading the Sophos Connect Client from User Portal

    There should be the possibility to download the Connect Client from the User Portal and not only from Webadmin.

    19 votes
    0 comments  ·  VPN and RED
  8. Client certificate based authentication for SSL VPN remote access

    Clients should be authenticated based on the client certificate instead of username/password for SSL VPN remote access. The Sophos XG should validate the certificate via a CRL or via OCSP.
    This functionality is supported by most other vendors and solutions (e.g. Cisco Anyconnect or OpenVPN).

    14 votes
    1 comment  ·  VPN and RED
  9. Sophos SSL VPN Client

    Hello Sir,

    My problem with Sophos is the SSL VPN client, which doesn't support certificate-based authentication. I don't want to store my credentials on each PC where I use the SSL VPN client, nor do I want to enter the credentials every time. It would be nice to have certificate-based authentication with the SSL VPN client.

    7 votes
    0 comments  ·  VPN and RED
  10. Full tunnel VPN exceptions e.g. for Office 365 traffic

    Allow for exceptions to be created that will allow the traffic to go direct to the internet bypassing VPN configured as full tunnel for both SSL and IPsec VPN. This is recommended by Microsoft for Office 365 traffic.

    https://techcommunity.microsoft.com/t5/office-365-blog/how-to-quickly-optimize-office-365-traffic-for-remote-staff-amp/ba-p/1214571

    Alternatively it would be even better if Sophos can build in this functionality within the OS making it an option that can be enabled/disabled.

    6 votes
    0 comments  ·  VPN and RED
  11. SSL VPN Password reset portal.

    AD users have a 90-day password expiration policy, which causes a problem with the SSL VPN credentials.

    There should be a feature to reset the password and connect to the SSL VPN.

    Sort of a dial-up password reset after 90 days for the SSL VPN users synced from the AD.

    7 votes
    1 comment  ·  VPN and RED
  12. Fix the DHCP Scope Limitation in Sophos RED Configurations

    We came upon a unique problem: we had two Sophos RED appliances (RED 15 and RED 50) that were configured for two completely different companies. They both functioned just fine for a day or so, then went offline, completely shutting down the site. RED services in the XG firewall crashed and wouldn't restart.

    Turns out you cannot have more than one DHCP scope in a RED configuration. We had parsed the IP ranges to 2 and 3 scopes to account for static reservations that already existed. Having more than one DHCP scope basically crashed the RED services on the XG.

    According…

    6 votes
    1 comment  ·  VPN and RED
  13. Add GCM Ciphers

    Add AES128GCM and other GCM ciphers to the IPSec and SSL VPN options. They perform much better. At the moment only CBC ciphers seem to be used.

    6 votes
    2 comments  ·  VPN and RED
  14. Sophos Connect

    Can we have an option to integrate AD with Sophos Connect, the same as SSL VPN?

    2 votes
    0 comments  ·  VPN and RED
  15. VPN Client: Check endpoint device health before connecting

    Ability to filter VPN client by checking that they are fully patched and running AV/anti-malware software, i.e. if the client is insecure then they cannot connect to the VPN.

    16 votes
    0 comments  ·  VPN and RED
  16. Option to assign each user for SSL VPN remote for specific WAN interface

    Hello Team,

    We have a customer here requesting an option on the XG firewall to assign each SSL VPN remote access user to a specific WAN interface if the XG has multiple ISPs.

    7 votes
    0 comments  ·  VPN and RED
  17. Prioritize the primary or secondary public gateway option on Sophos XG 230

    Dear Support,

    We need the following option on the Sophos XG Firewall.

    Suggestion: while connecting to the Sophos remote SSL VPN, we need the option of prioritizing the primary or secondary ISP on the firewall.

    4 votes
    0 comments  ·  VPN and RED
  18. Update SSL VPN Client for Parity with Latest OpenVPN Features

    Sophos XG pushes a number of options in SSL VPN which are undesirable in some deployments. I have already voted on an idea to expose more server side customisation.

    Likewise, the latest OpenVPN client has a number of new features and improvements not reflected in the source version Sophos is using.

    Specifically, the pull-filter option available in OpenVPN 2.4 is a feature we really need for several customer deployments; it offers significantly more ease of use and flexibility than the route-nopull / route-noexec currently supported by the Sophos SSL VPN client.

    https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway

    Support advised to try using the OpenVPN client…

    9 votes
    1 comment  ·  VPN and RED
  19. Disconnect SSL VPN User after a set length of time

    Disconnect an SSL VPN user session after a set amount of time, e.g. if the connection has been live for 10 hours, disconnect it. The idle timeout doesn't work, as there are still anti-virus updates and such running over the connection to the computer when the user is not there.

    4 votes
    1 comment  ·  VPN and RED
  20. Force Microsoft NCSI probe as SSL VPN Connects

    (For Sophos Tech Support, this is from the back of #9887121)

    I was asked by a Sophos Support rep to post a feature request.

    We have seen an issue arise with a large number of our customers whereby Sophos SSL VPN (OpenVPN) connects to the Sophos XG fine. With Sophos XG having "Default Gateway" checked for the SSL VPN users, a default route is established as we expect.

    However, it can take a while for Microsoft NCSI to complete its probe to check if there is internet access. While the VPN interface is in "NoTraffic" or "No network access" mode, before…

    4 votes
    0 comments  ·  VPN and RED